feat(engine,api): add orphan topology resource reaper

Topology rows deleted without a proper teardown leave Docker containers
and bridge networks behind, holding IPAM pools that cause 403 "Pool
overlaps" on the next deploy at the same subnet.

- engine/reaper.py walks the local Docker daemon, extracts the 8-char
  topology prefix from every decnet_t_* resource, and force-removes
  containers + networks whose prefix is not in the repo.
- POST /api/v1/topologies/reap-orphans (admin-only) returns a report
  of live/orphan prefixes and what was removed.
- Resources belonging to live topologies are never touched; per-resource
  errors are captured without aborting the sweep.

decnet/web/router/topology/__init__.py

@@ -21,6 +21,7 @@ from .api_get_topology import router as _get_router
 from .api_lan_crud import router as _lan_router
 from .api_list_topologies import router as _list_router
 from .api_mutations import router as _mutations_router
+from .api_reap_orphans import router as _reap_router
 from .api_teardown_topology import router as _teardown_router
 
 topology_router = APIRouter(prefix="/topologies", tags=["topologies"])
@@ -34,6 +35,7 @@ topology_router.include_router(_catalog_router)
 topology_router.include_router(_list_router)
 topology_router.include_router(_create_blank_router)
 topology_router.include_router(_create_router)
+topology_router.include_router(_reap_router)
 topology_router.include_router(_deploy_router)
 topology_router.include_router(_teardown_router)
 topology_router.include_router(_delete_router)